Threat Intelligence Blog

Threat Intelligence Brief: August 28, 2018

Posted August 28, 2018

This weekly brief highlights recent threat intelligence news to provide insight into the latest threats to various industries.

Insurance

“July 2018 was the worst month of 2018 for healthcare data breaches by a considerable distance. There were 33 breaches reported in July – the same number of breaches as in June – although 543.6% more records were exposed in July than the previous month. The breaches reported in July 2018 impacted 2,292,552 patients and health plan members, which is 202,859 more records than were exposed in April, May, and July combined.”

Technology

“T-Mobile USA announced a security breach late last night. The company says its cyber-security team discovered and shut down unauthorized access to its customers’ data on Monday, August 20. T-Mobile said the hacker (or hackers) did not gain access to passwords, social security numbers, or any financial information. Impacted customers will receive an SMS, letter in the mail, or a phone call to notify them. The US telco says it informed law enforcement authorities about the breach. A T-Mobile spokesperson told Motherboard that less than 3% of its customer base was affected. T-Mobile reported 75.62 million customers at the end of Q2 2018. That would put the breach at around 3.9 million customers, still a considerable number. As some T-Mobile users have pointed out, even if the hackers did not get their hands on any financial data or passwords, the breach makes it easier for the attacker to port (SIM swap) numbers.”

Information Security Risk

“A Necurs botnet has been used to launch a campaign of targeted phishing emails aimed at breaching the cyber defenses of a number of banks. A security vendor said the short-lived phishing campaign began on August 15 and targeted more than 2,700 bank domains. However, after a few hours the attacks abruptly ceased. In the latest short-lived attack, targeted phishing emails were sent to banking employees, most carrying a file with the .pub extension. This extension is used by Microsoft Publisher. “Like Word and Excel, Publisher has the ability to embed macros. However, not all of the emails carried .pub files. Some delivered infected PDF files instead. The infected files featured macros which on opening caused malware to be downloaded to the victim’s machine from a remote server.””

Reputational Risk

“A US bank has agreed to pay a $10.5 million settlement to resolve two separate complaints. The first issue stems from bad loans issued by its Mexican subsidiary to an oil company from 2008-14, which led to losses of $475 million. The second complaint was centered on mismarked illiquid positions and unauthorized proprietary trading from 2013-16. Three traders, now fired, mismarked illiquid positions in proprietary accounts they managed, leading to the covering of losses from widespread unauthorized trading. Regulators allege the bank failed to detect the misconduct sooner because it lacked supervisory procedures and systems to verify the valuations of the mismarked positions.”